How to verify a checksum in Linux
4 January, 2021
tl;dr, where the following command should echo the checksum if it is correct:
<checksum function> filename.ext | grep <checksum string>
sha256sum file.txt | grep 3b884f7a5ea2c482451123beaaa0def0427f900371467488babe7ccdfcb66b4a
This post is simply a short note describing one method of verifying checksums in Linux.
All that we do is calculate the checksum for the file in question, and then pipe the output to
grep and paste the result that we're expecting.
For example, let's say we've just downloaded a file called
cheese.txt that only contains the string
cheese. We know that the SHA256 sum for this file is
3b884f7a5ea2c482451123beaaa0def0427f900371467488babe7ccdfcb66b4a. Let's recreate this here, by creating the file:
echo cheese > cheese.txt
Now we want to generate the SHA256 sum and compare it against the known checksum that we listed above. To do this, we pass our file to the
sha256sum command, and pipe the output to
grep, the target of which is our copy/pasted known checksum. For example:
sha256sum cheese.txt | grep 3b884f7a5ea2c482451123beaaa0def0427f900371467488babe7ccdfcb66b4a
If the checksum is returned from the above command (via
grep), then we know that the checksums match and everything is okay. If nothing is returned, then the checksums don't match and we might be in trouble. In that case, don't install or trust whatever you just downloaded!
If you need to check against a different checksum algorithm, e.g., MD5, then don't forget to replace
sha256sum with the appropriate command.
I actually stumbled upon this particular method in a comment by the user "O" on the It's FOSS website here: